role added to configuration

internal/config.go

@@ -48,6 +48,9 @@ type Config struct {
 	Secret   []byte `json:"-"`
 	Lifetime time.Duration
 
+  // Authorization
+  RequiredRole        string        `long:"required-role" env:"REQUIRED_ROLE" description:"Required role to verify authorization"`
+
 	// Legacy
 	CookieDomainsLegacy CookieDomains `long:"cookie-domains" env:"COOKIE_DOMAINS" description:"DEPRECATED - Use \"cookie-domain\""`
 	CookieSecretLegacy  string        `long:"cookie-secret" env:"COOKIE_SECRET" description:"DEPRECATED - Use \"secret\""  json:"-"`

internal/provider/oidc.go

@@ -3,7 +3,6 @@ package provider
 import (
 	"context"
 	"errors"
-  "fmt"
 
 	"github.com/coreos/go-oidc"
 	"golang.org/x/oauth2"
@@ -99,9 +98,6 @@ func (o *OIDC) GetUser(token string) (User, Roles, error) {
 		return user, roles, err
 	}
 
-
-	o.log.WithField("idToken", idToken).Debug("getUser")
-
 	// Extract custom claims
 	if err := idToken.Claims(&user); err != nil {
 		return user, roles, err
@@ -112,10 +108,6 @@ func (o *OIDC) GetUser(token string) (User, Roles, error) {
 		return user, roles, err
 	}
 	o.log.WithField("roles", roles).Debug("getUser")
-  for i, r := range roles.Roles {
-    o.log.Debug(fmt.Sprintf("%d, %s", i, r))
-  }
-
 
 	return user, roles, nil
 }

internal/server.go

@@ -186,7 +186,7 @@ func (s *Server) AuthCallbackHandler() http.HandlerFunc {
 		}
     found := false
     for _, r := range roles.Roles {
-      if r == "whoami_admin" {
+      if r == config.RequiredRole {
         found = true
       }
     }